5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
55.8%
The remote host has a version of Oracle WebCenter Portal installed that is affected by the following vulnerabilities :
A flaw exists in Oracle’s implementation of the JSR (Java Specification Request) 286 Portlet Specification functionality. A remote, authenticated attacker can exploit this, via crafted portal URL, to affect confidentiality and integrity. (CVE-2015-1926)
A security bypass vulnerability exists in the Portlet Bridge for JavaServer Faces due to a failure to properly restrict access to resources in web applications. A remote attacker can exploit this, via a URL with a modified resource ID, to disclose sensitive information.
(CVE-2015-3244)
Binary data oracle_webcenter_portal_july_2015_cpu.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | fusion_middleware | cpe:/a:oracle:fusion_middleware |